U.S. patent number 7,817,553 [Application Number 11/126,487] was granted by the patent office on 2010-10-19 for local area network services in a cable modem network.
This patent grant is currently assigned to Cisco Technology, Inc. Invention is credited to Harshavardhan Parandekar.
United States Patent 7,817,553
Parandekar
October 19, 2010
Please see images for: Certificate of Correction
Local area network services in a cable modem network
Abstract
A network device has a network interface to allow the device to
send and receive traffic across a network. The device also has a
cable connection to allow the device to exchange data with at least
one other device across a cable network. The device has a processor
to receive traffic having a network identifier through the network
interface and determine if the network identifier is associated
with a virtual private network. If the network identifier is
associated with a virtual private network, the device then routes
the traffic to an appropriate receiving entity through the cable
connection if the network identifier is associated with a local area
network.
Inventors: Parandekar; Harshavardhan (San Jose, CA)
Assignee: Cisco Technology, Inc. (San Jose, CA)
Family ID: 35425145
Appl. No.: 11/126,487
Filed: May 10, 2005
Prior Publication Data

Document Identifier | Publication Date
US 20050265309 A1 | Dec 1, 2005
Related U.S. Patent Documents

Application Number | Filing Date | Patent Number | Issue Date
60574506 | May 25, 2004 | |
60574876 | May 26, 2004 | |
60582732 | Jun 22, 2004 | |
60588635 | Jul 16, 2004 | |
60590509 | Jul 23, 2004 | |
Current U.S. Class: 370/235
Current CPC Class: H04L 12/2801 (20130101); H04L 63/0272 (20130101); H04L 12/4645 (20130101); H04L 63/04 (20130101)
Current International Class: H04J 1/16 (20060101); H04L 12/26 (20060101)
References Cited
U.S. Patent Documents
Foreign Patent Documents

Document Number | Date | Country
0072509 | Nov 2000 | WO
2005117310 | Dec 2005 | WO
2005117358 | Dec 2005 | WO
Other References
U.S. Appl. No. 11/131,766, filed May 17, 2005, Chapman et al.
U.S. Appl. No. 11/135,777, filed May 23, 2005, Chapman et al.
U.S. Appl. No. 11/137,606, filed May 24, 2005, Chapman et al.
Postel, J., "User Datagram Protocol", RFC 768, Aug. 28, 1980, 3 pages.
Postel, Jon, Editor, "DARPA Internet Program Protocol Specification", RFC 791, Sep. 1981, 45 pages.
Deering, S., "Host Extensions for IP Multicasting", RFC 1112, Aug. 1989.
Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, Mar. 1997.
Townsley, W., et al., "Layer Two Tunneling Protocol "L2TP"", RFC 2661, Aug. 1999, 80 pages.
Cable Television Laboratories, Inc., "Data-Over-Cable Service Interface Specifications DOCSIS 2.0, Radio Frequency Specification", SP-RFIv2.0-I04-030730, 1999-2003, 488 pages.
Cable Television Laboratories, Inc., "Data-Over-Cable Service Interface Specifications DOCSIS 2.0, Radio Frequency Interface Specification", CM-SP-RFIv2.0-I08-050408, Annex C, pp. 339-390, Copyright 1999-2005.
Cable Television Laboratories, Inc., "Data-Over-Cable Service Interface Specifications DOCSIS 2.0, Radio Frequency Specification", CM-SP-RFIv2.0-I09-050812, 1999-2005, 534 pages.
Cable Television Laboratories, Inc., "DOCSIS® Set-top Gateway (DSG) Interface Specification", CM-SP-DSG-I02-040804, Copyright 2001-2004.
Cable Television Laboratories, Inc., "DOCSIS® Set-top Gateway (DSG) Interface Specification", CM-SP-DSG-I04-050408, Copyright 2001-2005.
Bhattacharyya, et al., "An Overview of Source-Specific Multicast (SSM)", RFC 3569, Jul. 2003.
Droms, R., et al., "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, Jul. 2003.
Droms, R., "Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6", RFC 3736, Apr. 2004.
Cisco Systems, Inc., "DHCP and the DOCSIS Configuration File for Cable Modems (DOCSIS 1.0)", Document ID: 10961, Sep. 16, 2004.
IEEE Standards, "802.16, IEEE Standard for Local and Metropolitan Area Networks, Part 16: Air Interface for Fixed Broadband Wireless Access Systems", IEEE Std. 802.16-2004, Oct. 1, 2004, 893 pages.
Cable Television Laboratories, Inc., "Data-Over-Cable Service Interface Specifications Modular CMTS", CM-SP-DEPI-W03-050302, 49 pages, Copyright 2005.
Lau, J., et al., "Layer Two Tunneling Protocol - Version 3 (L2TPv3)", RFC 3931, Mar. 2005, 94 pages.
Chapman, John T., "CMTS Remote PHY for a DOCSIS Network: DMPI Over IP Protocol Specification", RP-SP-DoIP-D1-040715B.doc, Cisco Systems, Inc., EDCS-387722, May 26, 2004.
Aboba, et al., "Extensible Authentication Protocol (EAP)", RFC 3748, Jun. 2004, pp. 1-64, Standards Track.
ITU-T Telecommunications Standardization Sector of ITU, "Series J: Cable Networks and Transmission of Television, Sound Programme and other Multimedia Signals, Interactive Systems for Digital Television Distribution", Recommendation J.122, Dec. 2002, 506 pages, International Telecommunications Union.
Cable Television Laboratories, Inc., "DOCSIS Radio Frequency Interfaces Specification", CM-SP-RFIv2.0-I10-051209, Dec. 9, 2005, 538 pages.
Madvinsky, et al., "Don't Let Your Modem Be Cloned", Communications Technology, Jun. 2000, pp. 1-7.
Millet, "Theft of Service - Inevitable?", Communications Technology, Dec. 2005, pp. 1-4.
ETSI, "Data-Over-Cable Systems Part 2: Radio Frequency Interface Specifications", ES 201 488-2 V1.2.1, Jan. 2003, pp. 59-66.
"Data Over Cable Service Interface Specification", Aug. 4, 1997.
"Ethereal: Display Filter Reference: DOCSIS Upstream Channel Descriptor", web archive dated Apr. 27, 2004.
"DOCSIS Set Top Gateway (DSG) Interface Specification", Feb. 28, 2002.
Dann, "An Overview of Internet Protocols", Jan. 1998.
Patrick, M., "RFC 3046 - DHCP Relay Agent Information Option", The Internet Society, Jan. 2001, 11 pages, http://www.faqs.org/rfcs/rfc3046.html.
Cable Television Laboratories, Inc., Interim Specification, "Data-Over-Cable Service Interface Specifications, Radio Frequency Specification", SP-RFIv1.1-I02-990731, Jul. 30, 1999, 353 pages.
Cable Television Laboratories, Inc., Interim Specification, "Data-Over-Cable Service Interface Specifications, Radio Frequency Interface Specification", SP-RFIv1.1-I04-000407, Apr. 7, 2000, 376 pages.
3COM, "High-Speed Cable Internet Solutions", http://www.3com.com/cablenow/pdf/7125dsht.pdf, Dec. 1999, 4 pages.
Phuc H. Tran, USPTO Office Action, Paper No. 20080427, May 1, 2008, 10 pages.
U.S. Appl. No. 11/292,725, Bernstein et al., "Advanced Multicast Support for Cable", filed Dec. 1, 2005.
Thompson, et al., "IPv6 Stateless Address Autoconfiguration", RFC 2462, Dec. 1998, pp. 1-24, Network Working Group.
Thompson, et al., "IPv6 Stateless Address Autoconfiguration", RFC 4862, Sep. 2007, pp. 1-29, Network Working Group.
Hawa et al., "Quality of Service Scheduling in Cable and Broadband Wireless Access Systems", http://www.ittc.ku.edu/publications/documents/Hawa2002_iwqos_paper.pdf, downloaded Sep. 29, 2008.
Ramakrishnan, Sangeeta, "Next Generation Edge - Realizing the vision of shared resources and bandwidth", Jan. 2005, 16 pages.
Cisco Systems, Inc., "Downstream External PHY Interface Specification", SP-DEPI-W2-041101A.DOC, EDCS-408926, Oct. 29, 2004.
Chapman, John T., "Remote PHY Technical White Paper Addendum", Downstream External PHY Interface Specification, Cisco Systems, Inc., EDCS-377253, Oct. 1, 2004.
Desai, et al., "FastChannel: A Higher-Speed Cable Data Service", AT&T Labs-Research, Jan. 2002, pp. 1-13.
Fellows et al., "DOCSIS Cable Modem Technology", IEEE Communications Magazine, vol. 39, Issue 3, Mar. 2001, pp. 202-209.
Primary Examiner: Trost, IV; William
Assistant Examiner: Jain; Raj
Attorney, Agent or Firm: Stolowitz Ford Cowger LLP
Parent Case Text
RELATED APPLICATIONS
This application is a continuation of, and claims priority to, the
following provisional patent applications: 60/574,506, filed May
25, 2004; 60/574,876, filed May 26, 2004; 60/582,732, filed Jun.
22, 2004; 60/588,635, filed Jul. 16, 2004; and 60/590,509, filed
Jul. 23, 2004.
Claims
What is claimed is:
1. A system having an aggregation device and a Cable Modem
Termination System (CMTS), the system comprising: CMTS circuitry
located on the CMTS, the CMTS circuitry configured to: analyze a
communication received over an upstream communication path that
extends from the CMTS to an originating cable modem to identify a
service identifier (SID) associated with the received upstream
communication; compare the identified SID to a table mapping SIDs
to Virtual Local Area Network (VLAN) tags; attach one of the VLAN
tags from the table to the communication according to the
comparison; forward the communication having the attached VLAN tag
over a network to the aggregation device; and aggregation device
circuitry located on the aggregation device, the aggregation device
circuitry configured to: receive the forwarded communication and
identify the VLAN tag attached thereto; select a particular tunnel
from a plurality of tunnels extending from the aggregation device
to a plurality of CMTSs according to the identified VLAN tag; and
send the communication over the selected one of the tunnels.
2. The system of claim 1, wherein a destination CMTS receives the
communication forwarded from the aggregation device over the
selected one of the tunnels and routes the communication over a
tunnel corresponding to a destination cable modem.
3. The system of claim 1, wherein the forwarding from the receiving
CMTS to the aggregation device, and then from the aggregation
device to a destination CMTS, allows two cable modems that are
serviced by different CMTSs to operate in a same Virtual Private
Network (VPN).
4. The system of claim 1, wherein a destination CMTS is configured
to forward the communication over a tunnel extending from the
destination CMTS to a destination cable modem.
5. An apparatus, comprising: a table to associate service
identifiers (SIDs) with tunnel identifiers; and circuitry
configured to: analyze a received upstream communication to
identify an SID associated with that received upstream
communication; compare the identified SID to the table, and,
according to the comparison, map a tunnel identifier from the table
to the identified SID; and attach the mapped tunnel identifier to
the communication, and forward the communication having the mapped
tunnel identifier attached thereto to a remote aggregation device,
wherein the tunnel identifier attached to the communication
identifies one of a plurality of tunnels extending from the
aggregation device to a plurality of Cable Modem Termination
Systems (CMTSs) and the tunnel identifier controls which of the
tunnels is used by the aggregation device for forwarding the
communication.
6. The apparatus of claim 5, wherein the apparatus is contained on
a local CMTS and the communication travels from the local CMTS,
through the remote aggregation device for remote processing of the
tunnel identifier, and to a remote CMTS.
7. The apparatus of claim 5, wherein the mapping of the tunnel
identifier to the SID in the table associates the received upstream
communication with a particular one of a plurality of Virtual Local
Area Networks (VLANs).
8. A system, comprising: means for mapping a plurality of tunnel
identifiers to a plurality of Service IDentifiers (SIDs); means for
comparing a particular SID of a received communication to the
mapping means and selecting a particular tunnel identifier
according to the comparison; and means for attaching the selected
tunnel identifier to the communication before forwarding the
communication to an aggregation device, wherein the tunnel
identifier attached to the communication identifies one of a
plurality of tunnels extending from the aggregation device to a
plurality of Cable Modem Termination Systems (CMTSs) and the tunnel
identifier controls which of the tunnels is used by the aggregation
device for forwarding the communication.
9. The system of claim 8, further comprising: means for selecting a
particular one of the tunnels according to the attached tunnel
identifier and forwarding the communication over the selected
tunnel.
10. The system of claim 9, further comprising: means for forwarding
the communication to a particular cable modem after the
communication passes through the selected tunnel.
11. A system, comprising: means for analyzing a communication from
a Cable Modem Termination System (CMTS) to observe a value of a
tunnel identifier attached to the communication; and means for
selecting a particular tunnel from a plurality of tunnels extending
from an aggregation device to a plurality of CMTSs according to the
observed value, wherein the communication is forwarded from the
aggregation device to a particular one of the CMTSs over the
particular tunnel.
12. The system of claim 11, further comprising: means for
associating a service identifier (SID) of a received upstream
communication with a virtual local area network; means for
selecting the tunnel identifier according to the association; and
means for attaching the selected tunnel identifier to the
communication before forwarding the communication from the
CMTS.
13. The system of claim 12, further comprising: means for removing
the tunnel identifier and forwarding the communication to a
destination cable modem.
Description
BACKGROUND
Cable modems provide customers with high-speed access to networks,
such as the Internet. Generally, the typical cable modem user is a
home user, desiring connection to the Internet. However, many small
businesses are discovering that cable modems provide them with a
reasonable solution for Internet access. Some small businesses have
even begun to deploy voice data over cable modems as an alternative
to dedicated telephone lines.
Cable modems connect to a network through a Cable Modem Termination
Server (CMTS). This provides connection to the Internet, and
switching and routing of data packets. For a small business that
only has one office, a single cable modem may be able to provide
service for the entire office, through one CMTS.
If a small business has more than one office, and each office has
its own cable modem, there may be more than one CMTS involved in
providing network services to the business. For a small business
desiring `layer 2` local area network (LAN) services, this causes
problems. The CMTS may be able to provide `layer 3` services for
the individual cable modems, but not layer 2 services. These may
include, but are not limited to, support for non-Internet Protocol
(IP) version 4 protocols (currently provided by layer 3 services),
end-to-end encryption, higher levels of network control, and use of
a private IP address space.
SUMMARY
One embodiment is a network device having a network interface to
allow the device to send and receive traffic across a network. The
device also has a cable connection to allow the device to exchange
data with at least one other device across a cable network. The
device has a processor to receive traffic having a network
identifier through the network interface and determine if the
network identifier is associated with a virtual private network. If
the network identifier is associated with a virtual private
network, the device then routes the traffic to an appropriate
receiving entity through the cable connection if the network
identifier is associated with a local area network.
In one embodiment the network device is an aggregator.
In one embodiment the network device is a cable modem termination
server.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the invention may be best understood by reading the
disclosure with reference to the drawings, wherein:
FIG. 1 shows an embodiment of a cable modem network having a
hub-and-spoke local area network services architecture.
FIG. 2 shows an embodiment of a method to provide local area
network services for transmitted traffic from a cable modem.
FIG. 3 shows an embodiment of a method to provide local area
network services for received traffic at an aggregator.
FIG. 4 shows an embodiment of a method to provide local area
network services for received traffic at a cable modem termination
server.
FIG. 5 shows an embodiment of a network device capable of providing
local area network services.
FIG. 6 shows an embodiment of a cable modem network having
fully-meshed local area network services architecture.
DETAILED DESCRIPTION OF THE EMBODIMENTS
An embodiment of a cable modem network having a hub-and-spoke
architecture is shown in FIG. 1. In this particular embodiment, the
cable network is comprised of several cable modem termination
servers (CMTS) 12, 14 and 16, in communication with a hub 10, also
referred to as a `head-end.` Each CMTS has a number of cable
modems, such as 120 and 128, attached to it. The CMTSes provide
network connection for the cable modems.
As discussed above, there may be several users using one cable
modem, several cable modems attached to one CMTS and several CMTSes
attached to the hub. While it will generally be true that all of
the users on a particular cable modem may be associated with one
particular customer, there may be several different customers using
one cable modem. A customer, as that term is used here, is any
entity with which more than one person is associated. Of particular
interest are those customers that have several different sites. No
limitation is intended on any combination of customers on cable
modems and CMTSes. The cable network may also have several
hubs.
The hub or head-end 10 may belong to a multiple service operator
(MSO) that provides voice, data and television service across the
cable modem network. The CMTSes 12, 14 and 16 allow the cable modem
users to access larger networks, such as the Internet. For ease of
discussion, and with no intention of limiting application of the
invention, it will be assumed that cable modems 120, 140 and 160
belong to Customer A, and cable modems 128, 148 and 168 belong to
Customer B.
These customers now have three sites, each with their own cable
modems, but no way to provide local area network (LAN) services,
such as those to ensure security, between the users at the
different sites. With application of embodiments of this invention,
the users will have the ability to use LAN services. For example,
users employing cable modem 120 will be able to send e-mail and
data to users at cable modem 140 securely and with no concern that
users at cable modem 148 or 128 can `see` the data or access
it.
In this embodiment, a network device 18 resides within the hub 10.
This device may be referred to as an aggregator provider edge
device or simply as an aggregator, with no intention of limiting
the nature or composition of this device. When traffic from a CMTS
enters the hub, the network device 18 will identify from what
customer's cable modem/user that traffic originated and will
forward it only to those cable modems belonging to that customer.
In some ways, then, the network device 18 could be seen as
performing bridging, where the users at cable modems 120, 140 and
160 could be viewed as one bridge group, and the users at cable
modems 128, 148 and 168 could be viewed as another bridge
group.
As mentioned before, it is possible to set up virtual private
network (VPN) solutions using what is referred to as `layer 3`
switching. Layer 3 refers to the OSI (Open System Interconnection)
reference model, in which Layer 3 is the network layer. In usage,
this generally refers to the network switching layer. A VPN using
layer 3 switching generally only supports Internet Protocol
traffic, and requires the customers to share their network
addressing information with the cable service provider or MSO.
A Layer 2 VPN can provide similar functionality without the
drawbacks of a Layer 3 solution. Layer 2 is the data link layer,
and may also be broken into a media access control (MAC) layer and
a logical link layer. Examples of Layer 2 implementations include
L2TP (Layer 2 Tunneling Protocol), currently on version 3 (L2TPv3),
and AToM. AToM is Any Transport over MPLS, where MPLS is the
Multiprotocol Label Switching, a protocol that uses labels to
direct routers and other network devices how data traffic having a
particular label is to be routed.
In one embodiment of this invention, the network identifier may be
based on a `pseudo-wire` or tunnel using L2TPv3 or AToM, as
examples, which is established between each CMTS and the aggregator
for each cable modem attached to the CMTS. If for example, CMTS 12
had 1000 cable modems requiring Layer 2 VPN services attached to
it, there would be 1000 pseudo-wires established. The `width` of
the connection between CMTS 12 and aggregator 10 would then be
n1=1000. This would be repeated for every CMTS attached to the
aggregator. In an alternative embodiment, the hub is a network over
which the pseudo wires traverse such as a Virtual Private LAN
Services (VPLS) cloud. In this case the hub and spoke topology
would be implementing Hierarchical VPLS or HVPLS.
An embodiment of a method to provide local area network services
for transmitted data from a cable modem is shown in flowchart form
in FIG. 2. At 20, the CMTS receives traffic from the cable modem.
The CMTS determines the upstream service identifier (SID) and the
MAC address associated with the traffic at 22. If the MAC address
matches that of the transmitting cable modem, the traffic is routed
`otherwise` such as through Internet Protocol (IP) routing at 26.
If the MAC address is not that of the cable modem, and the SID is
associated with a pseudo-wire, also called a tunnel, on the network
side interface, the CMTS encapsulates the traffic and provides a
network identifier at 28. The traffic is then forwarded at 30.
The network identifier may be a VLAN tag, pseudo-wire tag, or other
label that identifies the pseudo-wire through which the traffic is
to be routed. One customer may have several different pseudo-wires,
and therefore several different VLAN or other network identifiers,
associated with their sites. A VLAN is a pseudo-wire similar to
L2TPv2 and AToM. Network identifiers refer to the virtual private
network with which that cable modem traffic is associated.
In one embodiment, where there is a hub, aggregator or other
centralized entity, such as the network mentioned above, the
received traffic may be processed as shown in FIG. 3. The traffic
is received at the hub at 32. As will be discussed later,
alternatives to the centralized entity exist. At 34, the hub
examines the Layer 2 network identifier, such as the VLAN tag. This
is more than likely done through a mapping table of identifiers to
pseudo-wires. The mapping then provides the hub with the
appropriate pseudo-wire for that traffic, based upon the
destination CMTS at 36. The hub then provides the necessary
outbound identifier, in this case an outbound layer 2 network
identifier at 37. The traffic is then forwarded to the appropriate
CMTS at 38.
An embodiment of a method of processing received local area network
traffic at a CMTS is shown in flowchart form in FIG. 4. The traffic
is received at a CMTS, such as CMTS 14 for example, at 40. The CMTS
discovers the network identifier, such as the VLAN tag. It must be
noted that the term `network identifier` as used here, does not
identify a network, but is the identifier used to tag the traffic
in a manner compatible with the network type. For example, as
discussed above, the identifier may be a VLAN tag for an Ethernet
network.
The CMTS then performs a look-up to determine if that VLAN tag is
associated with a virtual private network, typically by
determining if it is associated with a downstream service
identifier (SID) at 44. In cable networks, generally, downstream
refers to data coming from the hub or network towards the CMTS and
the cable modem, and upstream is data coming from the cable modems
or the CMTSes towards the hub or the network.
If the identifier does not match at 44, the traffic may be
discarded or otherwise routed at 46. The network may employ
different manners of correcting errors in transmission, either bad
tags or incorrect routing. The nature and extensiveness of any
error correction measures implemented upon the detection of an
unmatchable tag are beyond the scope of this disclosure.
If the network identifier, such as the VLAN tag, matches the
identifier of a cable modem on the cable connection of the CMTS at
44, the network identifier is removed at 48. A cable modem header
or identifier is then attached at 50. This is similar to the
outbound layer 2 network identifier for the aggregator example
given previously. In some embodiments, this cable identifier may be
a DOCSIS (Data Over Cable Services Interface Specification) header.
DOCSIS is the current guiding specification for data over cable
modem networks with which most cable equipment and network
providers comply. The DOCSIS header will typically be generated
with the appropriate SID and the traffic will be sent downstream to
the appropriate cable modem at 52.
The processing of received local area network traffic at either the
CMTS or the aggregator has some processes in common. The network
device receives the traffic, discovers and/or examines the network
identifier. The network device then determines if there is a
virtual private network associated with that identifier, as either
represented by an associated cable service identifier in the case
of a CMTS, or by the VLAN or pseudo-wire tag in the case of the
hub/aggregator. An outbound identifier, either an outbound layer 2
network identifier, or a service identifier, is then provided to
the outbound traffic. The traffic is then routed to the appropriate
receiving entity. The traffic may be altered as needed in the case
of a CMTS, but both devices forward the data to the appropriate
recipient.
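The hub-and-spoke forwarding path of FIGs. 2 to 4 (upstream SID-to-tag mapping at the CMTS, per-customer bridging at the aggregator, tag-to-SID mapping at the destination CMTS) as a runnable model. This is an added example, not code from the patent or from Cisco; the topology, MAC addresses, SIDs and VLAN tags are constructed, and the MAC-learning bridge group inside the aggregator is an assumption about how the mapping at step 36 picks the destination CMTS.

```python
"""Hub-and-spoke Layer 2 VPN forwarding model (constructed example, not the patent's code)."""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    payload: bytes
    sid: Optional[int] = None     # DOCSIS service identifier, present on the cable side
    vlan: Optional[int] = None    # layer 2 network identifier, present on the network side


class CMTS:
    """Holds the per-CM pseudo-wire mapping learned at CM registration (config file or RADIUS)."""

    def __init__(self, name, cm_mac_by_sid, vlan_by_sid):
        self.name = name
        self.cm_mac_by_sid = cm_mac_by_sid                        # SID -> MAC of the cable modem itself
        self.vlan_by_sid = vlan_by_sid                            # upstream SID -> pseudo-wire (VLAN) tag
        self.sid_by_vlan = {v: s for s, v in vlan_by_sid.items()}  # downstream: tag -> SID

    def upstream(self, frame):
        """FIG. 2: choose between IP routing (26) and VPN encapsulation (28-30)."""
        if frame.src_mac == self.cm_mac_by_sid.get(frame.sid):
            return "ip", frame                                    # CM's own traffic: route 'otherwise'
        vlan = self.vlan_by_sid.get(frame.sid)
        if vlan is None:
            return "ip", frame                                    # SID has no pseudo-wire
        return "vpn", replace(frame, sid=None, vlan=vlan)

    def downstream(self, frame):
        """FIG. 4: tag -> downstream SID (44); strip the tag and attach the SID (48-52)."""
        sid = self.sid_by_vlan.get(frame.vlan)
        if sid is None:
            return "drop", frame                                  # 46: unmatchable tag
        return "cm", replace(frame, vlan=None, sid=sid)


class Aggregator:
    """Hub device 18: bridges each customer's pseudo-wires as one bridge group (FIG. 3)."""

    def __init__(self, pw_table):
        self.pw_table = pw_table      # VLAN tag -> (customer, CMTS name) for every pseudo-wire
        self.mac_table = {}           # customer -> {CPE MAC: VLAN tag it was learned behind}

    def forward(self, frame):
        """Return [(destination CMTS, re-tagged frame)]; frames never cross customers."""
        entry = self.pw_table.get(frame.vlan)
        if entry is None:
            return []                                             # unknown tag: drop
        customer = entry[0]
        learned = self.mac_table.setdefault(customer, {})
        learned[frame.src_mac] = frame.vlan                       # learn source behind ingress pw
        out_tag = learned.get(frame.dst_mac)
        if out_tag is not None and out_tag != frame.vlan:
            targets = [out_tag]                                   # known destination: one pw (36-37)
        else:                                                     # unknown: flood the bridge group
            targets = [tag for tag, (cust, _) in self.pw_table.items()
                       if cust == customer and tag != frame.vlan]
        return [(self.pw_table[tag][1], replace(frame, vlan=tag)) for tag in targets]


def deliver(src_cmts, aggregator, cmts_by_name, frame):
    """End to end: CM -> source CMTS -> hub -> destination CMTS(es). Returns [(CMTS, SID)]."""
    kind, tagged = src_cmts.upstream(frame)
    if kind != "vpn":
        return []
    delivered = []
    for dest_name, f in aggregator.forward(tagged):
        kind, down = cmts_by_name[dest_name].downstream(f)
        if kind == "cm":
            delivered.append((dest_name, down.sid))
    return delivered


# Constructed topology after the patent's example: CMs 120/140/160 belong to Customer A,
# CMs 128/148/168 to Customer B, spread over CMTS 12, 14 and 16; one pseudo-wire per CM.
CMTS12 = CMTS("cmts12", {1: "cm:120", 2: "cm:128"}, {1: 120, 2: 128})
CMTS14 = CMTS("cmts14", {1: "cm:140", 2: "cm:148"}, {1: 140, 2: 148})
CMTS16 = CMTS("cmts16", {1: "cm:160", 2: "cm:168"}, {1: 160, 2: 168})
CMTSES = {c.name: c for c in (CMTS12, CMTS14, CMTS16)}
HUB = Aggregator({120: ("A", "cmts12"), 140: ("A", "cmts14"), 160: ("A", "cmts16"),
                  128: ("B", "cmts12"), 148: ("B", "cmts14"), 168: ("B", "cmts16")})


def demo():
    """CPE a1 behind CM 120 reaches CPE a2 behind CM 140; Customer B's pseudo-wires never see it."""
    first = deliver(CMTS12, HUB, CMTSES, Frame("cpe:a1", "cpe:a2", b"hello", sid=1))
    reply = deliver(CMTS14, HUB, CMTSES, Frame("cpe:a2", "cpe:a1", b"hi", sid=1))
    second = deliver(CMTS12, HUB, CMTSES, Frame("cpe:a1", "cpe:a2", b"again", sid=1))
    return first, reply, second
```

The first frame is flooded only to Customer A's other two pseudo-wires; once the reply has been learned, the third frame goes to CMTS 14 alone.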
As mentioned above, the bridging task, that of mapping from the
network identifier to the appropriate CMTS, is performed at a
centralized entity. In a fully-meshed architecture, where each CMTS
has a pseudo-wire for every customer and every other CMTS, the CMTS
may perform the bridging function directly. The traffic does not
flow back to the hub, but is handled by each CMTS. Referring to
FIG. 2, the functions contained in box 38 would be performed by the
CMTS, rather than the hub.
An embodiment of a network device is shown in FIG. 4. The device 60
has a communications port or interface 62 for providing connection
and communication with the network, such as the Internet. This may
also be referred to as the network side interface as it is the
interface through which the network device receives the network
traffic or routes the traffic to the network.
A processor 64 performs the tasks of converting the traffic from
cable traffic to network traffic or the reverse and providing the
traffic with the correct routing based upon the service identifier
or the network identifier. The service identifier will be used in
embodiments where the network device is a CMTS, ensuring that the
data is routed to the correct cable modem on the pseudo-wire. The
network identifier may be used in embodiments where the network
device is an aggregator. The conversion may involve a look up
process, where the database or table being queried resides in the
memory 68.
The cable connection 66 allows the device to communicate with the
cable modems or the CMTS, depending upon whether the network device
is a CMTS, which communicates with cable modems, or an aggregator
that communicates with the CMTSes.
In the case of the aggregator that communicates with the CMTSes,
the cable connection may be the same as the network connection or
interface. As the CMTS functions generally to connect cable modems
to a larger network, such as the Internet, and may use network
protocols, the cable connection used by the aggregator to
communicate with the CMTS may be the same type of interface as the
outbound interface on the aggregator.
As discussed above, the network device providing the bridging
function between the pseudo-wires may be the CMTS in the case of a
fully meshed architecture. An embodiment of such an architecture is
shown in FIG. 5 with regard to CMTSes 12 and 14 from FIG. 1. In
this architecture, there is a pseudo-wire between the CMTSes for
each customer VPN communicating through a particular CMTS. As
discussed above, in one example cable modems 120 and 140 belong to
Customer A and cable modems 128 and 148 belong to Customer B.
In FIG. 5, for each Layer 2 VPN customer, a pseudo-wire is
established between each CMTS. In FIG. 5, CMTS 70, 72 and 74, each
has two connections per customer VLAN. CMTS 70 has a pseudo-wire
between itself and CMTS 72 for Customer A, Customer B and Customer
C, with a similar configuration for CMTS 70 to CMTS 74. In this
manner, each customer would be provided LAN services in a
fully-meshed architecture.
The CMTSes receive the cable modem to pseudo-wire mapping, or a
cable modem to virtual private network mapping, where the
pseudo-wires are associated with virtual private networks. This
mapping is used to assign the network identifiers based upon the
virtual private networks with which the cable modems are
associated. This may be true for either the fully-meshed embodiment
or the hub-and-spoke embodiment, upon registration of the cable
modem with the CMTS through the CM configuration file, for example.
Alternatively, the CMTS queries another server, such as a RADIUS
(Remote Access Dial In User Services) server, using the cable modem
MAC address. The pseudo-wire mapping for that CM can then be
provided by the other server for download by the CMTS.
In either embodiment, the cable modem customers would receive LAN
services across the cable network. This provides smaller entities
with several sites the ability to use the cable network for
connectivity, and still provides the features of having a LAN that
would otherwise be unavailable for them. In order to ensure privacy
of VPN traffic over the shared cable downstream we need to ensure
that traffic cannot `leak` into or out of the VPN.
To ensure that traffic does not leak out of the VPN, the CMTS must
encrypt all downstream traffic belonging to the VPN. To ensure that
traffic within the VPN does not leak out, the CMTS can use one
encryption key per CM in the VPN for unicast traffic and a separate
encryption key per VPN for non-unicast traffic based on the
Baseline Privacy Interface (BPI) defined in DOCSIS. This ensures
that unicast as well as multicast and broadcast traffic will not be
visible to any CM that does not belong to that VPN.
The harder problem to solve is ensuring that non-VPN traffic does
not enter the VPN. Today, unencrypted non-VPN traffic can
potentially be forwarded into the VPN network by a CM, because the
CM bases its downstream forwarding decision only on the
destination MAC address. If the destination MAC address of the
non-VPN traffic happens to overlap with a CPE device inside the
VPN, the CM may incorrectly consider the traffic to be destined to
that CPE and forward it into the VPN.
This incorrect forwarding can be avoided by adding a feature to the
CM such that only encrypted packets are considered for forwarding
by the CMs belonging to a VPN. Since all the traffic within the VPN
is encrypted and the CMs have the decryption keys for that traffic,
only that traffic would be forwarded by the CM. Unencrypted traffic
that doesn't belong to any VPN, or encrypted traffic (using a
different key) that belongs to a different VPN, will be dropped by
the CM.
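The downstream privacy rules just described, modelled end to end: the CMTS seals VPN traffic with a per-CM key for unicast and a per-VPN key for broadcast, and a CM with the encrypted-only rule drops the non-VPN frame whose destination MAC overlaps a CPE inside the VPN, while a legacy CM forwards it. Added example, not code from the patent or from Cisco; the toy encrypt-then-MAC construction stands in for DOCSIS BPI, and all keys, MAC addresses and CM identifiers are constructed.

```python
"""Downstream privacy on the shared cable segment (constructed model, not DOCSIS BPI itself)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Hash-counter keystream for the toy cipher; BPI proper uses the ciphers DOCSIS specifies."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC: nonce || ciphertext || 16-byte tag."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Plaintext if the tag verifies under this key, else None (a wrong key cannot decrypt)."""
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass(frozen=True)
class DownstreamFrame:
    dst_mac: str
    body: bytes
    encrypted: bool        # True when body is a sealed blob, False for plain non-VPN traffic


class CMTSDownstream:
    """Encrypts every VPN frame: per-CM key for unicast, per-VPN key for broadcast/multicast."""

    def __init__(self, unicast_keys, vpn_keys):
        self.unicast_keys = unicast_keys   # CM id -> key shared with that CM only
        self.vpn_keys = vpn_keys           # VPN name -> group key shared by all CMs in the VPN

    def send_vpn(self, vpn, target_cm, dst_mac, payload):
        if dst_mac == BROADCAST or target_cm is None:
            key = self.vpn_keys[vpn]
        else:
            key = self.unicast_keys[target_cm]
        return DownstreamFrame(dst_mac, seal(key, payload), True)

    def send_plain(self, dst_mac, payload):
        """Ordinary (non-VPN) traffic goes out unencrypted on the same shared downstream."""
        return DownstreamFrame(dst_mac, payload, False)


class CableModem:
    def __init__(self, cpe_macs, unicast_key, vpn_key, encrypted_only):
        self.cpe_macs = cpe_macs                    # CPE devices behind this CM
        self.keys = [unicast_key, vpn_key]          # keys BPI has provisioned on this CM
        self.encrypted_only = encrypted_only        # the CM feature the patent proposes

    def receive(self, frame):
        """Payload handed to the CPE side, or None when the CM drops the frame."""
        if frame.dst_mac != BROADCAST and frame.dst_mac not in self.cpe_macs:
            return None
        if not frame.encrypted:
            # Legacy rule: destination MAC alone decides, so non-VPN traffic can leak in.
            return None if self.encrypted_only else frame.body
        for key in self.keys:
            plaintext = unseal(key, frame.body)
            if plaintext is not None:
                return plaintext
        return None   # sealed under another CM's or another VPN's key


def demo():
    """Constructed scenario: CM 120 (VPN A, CPE cpe:a1) and CM 128 (VPN B) share one downstream."""
    k120, k128, key_a, key_b = (os.urandom(16) for _ in range(4))
    cmts = CMTSDownstream({"120": k120, "128": k128}, {"A": key_a, "B": key_b})
    legacy_cm120 = CableModem({"cpe:a1"}, k120, key_a, encrypted_only=False)
    fixed_cm120 = CableModem({"cpe:a1"}, k120, key_a, encrypted_only=True)
    cm128 = CableModem({"cpe:b1"}, k128, key_b, encrypted_only=True)
    unicast = cmts.send_vpn("A", "120", "cpe:a1", b"unicast for a1")
    broadcast = cmts.send_vpn("A", None, BROADCAST, b"broadcast in VPN A")
    # Non-VPN frame whose destination MAC happens to overlap a CPE inside VPN A.
    overlap = cmts.send_plain("cpe:a1", b"non-VPN traffic with overlapping MAC")
    return {
        "fixed_unicast": fixed_cm120.receive(unicast),
        "fixed_broadcast": fixed_cm120.receive(broadcast),
        "other_vpn_broadcast": cm128.receive(broadcast),
        "legacy_leak": legacy_cm120.receive(overlap),
        "fixed_leak": fixed_cm120.receive(overlap),
    }
```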
Although there has been described to this point a particular
embodiment for a method and apparatus for LAN services over a cable
network, it is not intended that such specific references be
considered as limitations upon the scope of this invention except
in-so-far as set forth in the following claims.
* * * * *